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2a)n This action is FINAL. 2b)S This action is non-final. 

3) n Since this application is in condition for allowance except for formal nnatters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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4) ^ Claim(s) 1-14 is/are pending in the application. 
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10)0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 
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DETAILED ACTION 

1. This action is responsive to communication: amendment filed 7 June 2004, with original 
application filed 04 December 2000, and acknowledgement of a foreign priority date of 08 
December 1999. 

2. Claims 1-14 are currently pending in this application. Claims 1,3,5, and 7 are 
independent claims. 

3. In view of the appeal brief filed on 20 October 2004, PROSECUTION IS HEREBY 
REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.11 1 (if this Office acfion is non-final) or a reply under 37 
CFR 1 . 1 1 3 (if this Office action is final); or, 

(2) request reinstatement of the appeal 

If reinstatement of the appeal is requested, such request must be accompanied by a supplemental 
appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 1.132) or other 
evidence are permitted. See 37 CFR 1.193(b)(2). 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-14 have been considered but are moot in 
view of the new ground(s) of rejection. Examiner apologizes for reopening the application the 
primary and secondary references used for the new rejection were printed after the final rejection 
was written. 



Application/Control Number: 09/503,608 Page 3 

Art Unit: 2134 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language 

6. Claims 1, 3, 5, 7, and 14, are rejected under 35 U.S.C. 102(e) as being anticipated by 
Schuba et al. U.S. Patent No. 6,725,378 (hereinafter '378). 

As to independent claim 1, "A method of preventing a flooding attack on a network 
server" is taught in '378 col. 1, lines 55-60 "the present invention includes a unique defense for 
denial of service attacks"; 

"in which a large number of connectionless datagrams are received for queuing to a 
port on the network server, comprising:" is shown in '378 col. 3, lines 16-33 "The Internet 
Protocol (IP) is the standard network layer protocol of the Internet that provides a 
connectionless, best effort packet delivery service. IP defines the basic unit of the data transfer 
used throughout an IP network, called a datagram. The deliver of datagrams is not guaranteed . . . 
Datagrams are routed towards their destination host" {"connectionless datagrams" same as 
"connectionless, best effort packet delivery service" / "network server" same as "destination 
host"}; 

"determining, in response to the arrival of a connectionles datagram from a host for 
a port on the network server" is disclosed in '378 col. 4, lines 52-54 "When a SYN packet 
arrives at a port on which a TCP server is listening"; 
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"if the number of connectionless; datagrams already queued to the port from the 
host exceeds a prescribed threshold discarding the datagram, if the number of 
connectionless datagrams already queued to the port from the host exceeds the prescribed 
threshold" is taught in '378 col. 4, lines 54-58 "There is a limit on the number of concurrent 
TCP connections that can be in a half-open connection state, called the SYN-RECVD state (i.e., 
SYN received). When the maximum number of half-open connections per port is reached, TCP 
discards all new incoming connections requests"; 

"and queuing the connectionless datagram to a queue slot of the port, if the number 
of connectionless, datagrams already queued to the port from the host does not exceed the 
prescribed threshold" is taught in '378 col. 4, lines 59-67 "until it has either cleared or 
completed some of the half-open connections". 

As to independent claim 3, this claim is directed to the apparatus of the method of claim 
1 and is similarly rejected along the same rationale 

As to independent claim 5, this claim is directed to a storage media containing program 
code of the method of claim 1 and is similarly rejected along the same rationale. 

As to independent claim 7, this claim is directed to a carrier wave containing program 
code of the method of claim 1 and is similarly rejected along the same rationale. 

As to dependent claim 14, "wherein the computer is the network server" is taught in 
'378 col. 4, line 52 through col. 5, line 17. 

Claim Rejections - 35 USC § 103 
7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

6. Claims 2, 4, 6, and 8-13, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'378 in further view of Yavatkar et al. U.S. Patent No. 6,735,702 (hereinafter '702). 

As to dependent claim 2, the following is not taught in '378 "wherein the determining 
if the number of datagrams already queued to the port from the host exceeds a prescribed 
threshold further comprises: calculating the prescribed threshold by multiplying a 
percentage P by the number of available queue slots for the port" however '702 teaches "A 
watchdog agent may assume a network attack exist if network congestion is detected ... In an 
alternate embodiment a watchdog agent detects network congestion by monitoring interface 
discard counts and average queue lengths for each port on the node" in col. 15, line 63 through 
col. 16, line 17. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '378 a method to protect a network from denial of service attacks to 
include a means to calculate the threshold limit per port. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to gain information needed to 
diagnose a network attack (see '702 col. 2 lines 44 et seq.) "Therefore there exists a need for a 
system and method allowing for the distributed state of a network such as information about 
attack traffic, to be quickly and accurately collected. A system and method are needed for 
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quickly and accurately diagnosing network attacks by determining information such as the 
source of, or a partial path of, attack traffic". 

As to dependent claim 4, this claim incorporate substantially similar subject matter as in 
cited in claim 2 above and is rejected along the same rationale. 

As to dependent claim 6, this claim incorporate substantially similar subject matter as in 
cited in claim 2 above and is rejected along the same rationale. 

As to dependent claim 8, this claim incorporate substantially similar subject matter as in 
cited in claim 2 above and is rejected along the same rationale. 

As to dependent claim 9, "further comprising: configuring a maximum number of 
connectionless, datagrams allowed to be queued at the port" is taught in '702 col. 12, lines 
27-39 "In step 440, proactive environment 100 instantiates service object 300 based on the class 
of service 102. Proactive environment 100 configures service object 300 per the permissioning 
accessed in step 434. For example, one set of permissioning may allow agent 1 10 to use service 
object 300 to read the operating characterisfics of port 21 and alter settings for the port". 

As to dependent claim 10, "wherein the configuring step further includes 
configuring a controlling percentage of available queue slots remaining for the port; and 
wherein the proscribed threshold is based on the controlling percentage of available queue 
slots remaining for the port" is shown in '702 col. 12, lines 27-39. 

As to dependent claim 11, "wherein the port comprises a plurality of queue slots the 
method further comprising: maintaining a number of available queue slots of the plurality 
of queue slots for the port" is disclosed in '702 col. 12, 
lines 27-39. 
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As to dependent claim 12, this claim incorporate substantially similar subject matter as 
in cited in claim 9 above and is rejected along the same rationale. 

As to dependent claim 13, this claim incorporate substantially similar subject matter as 
in cited in claim 10 above and is rejected along the same rationale. 

Conclusion 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Iran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Tran 
Patent Examiner 
Technology Center 2134 
29 March 2005 




